botnet

No Image

How to check if your DNS Server was hacked

Post initially published in Avira Techblog. You must have heard already about the already “famous” malware DNSChanger which manipulates the DNS settings of the computer in order to silently direct the users to malicious websites. FBI and others took action against this malware and in November 2011 have managed to break the botnet. According to FBI, more than 4 million computers were affected world-wide. The thieves manipulated DNS entries in order to block antivirus programs and the operating systems to update delivering this way even more malware on users’ computers. The DNSChanger malware was used also to redirect users to rogue servers controlled by the fraudsters, allowing them to control users’ web activity and generate income through online advertising. When FBI shut down the botnet, they also replace the servers which were directing to malicious domains with valid DNS servers. So, if the botnet is shut down why all this trouble? FBI will deactivate those new valid DNS servers on March 8, 2012. If your computer was infected at some point in time and it was using one of the DNS servers which are now controlled by FBI, after March 8, it will no longer be able to make any DNS…


No Image

A closer analysis of DE-Cleaner from Symantec

I was curious about how the DE-Cleaner of Symantec works, so I downloaded the software and give it a closer look. I did not dissemble it or anything similar… I simply performed a little black box testing. So, I started it without any internet connection. The result was: no scanning was possible. DE-Cleaner requires an Internet connection. This is an indication that the software is an in-the-cloud scanner. After seeing this, I searched on the website botfrei.de more details. And I found them… yes, indeed the Symantec De-Cleaner needs an Internet connection. This is why the file has the size of only 6 MB – because it contains no signatures. After allowing it to connect to the Internet through the Avira Firewall, I let it scan a folder. And the results were: MANY FALSE POSITIVES which should have been easily skipped. Let’s take one of them, which is the software I bought for preparing myself for the exam CompTIA Project+ which I took in July. I don’t know how you see it, but I find not enough infos to say that the software is suspicious. I think that the guys from Symantec have still a lot of work ahead to…


No Image

Virus Bulletin Article on Anti-Botnet-Initiative

Virus Bulletin Article on Anti-Botnet-Initiative The Virus Bulletin Magazine has published an article on the anti-botnet initiative in which Avira takes part. The goal is to clean infected computers and reduce the impact of cyber criminal activities. Read the article here (.pdf, 111kb) or head over to the Virus Bulletin web site where the magazine is available as whole!



%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close